Apple Developer Site Compromised

Several days after taking its developer Web site down without a mention of the reason, Apple has revealed that attackers had breached the site. The company said that while it can’t rule out the theft of developers’ data, all of the sensitive personal information was encrypted.

Apple posted a notice on its developer Web site and also sent an email to developers who have accounts with the company, saying that as a result of the breach Apple is making some changes on its back end infrastructure and also is rebuilding the developer database.

“Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then,” the notice says.

“In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.”

Apple’s developer site serves as a resource for people who write apps for the company’s various platforms, including OS X and iOS. The site, as the company said, has been down since July 18, but it wasn’t until Sunday that the company provided any information about the incident or why the site had been taken offline. Apple is a frequent target for attackers of all stripes, as are its users and developers. The company itself admitted earlier this year that it was hit by an intrusion from a group of attackers who used a Java zero day vulnerability. The same group had breached Facebook, as well.

Apple’s iTunes store has been hit by various attacks in recent years, as well.

About Dennis Fisher

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

Comments (3)

“Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed.”

Recommended Reads

OS X security researcher Patrick Wardle is expected at Black Hat to demonstrate how to write advanced Mac malware, including Gatekeeper and Xprotect bypasses, in hopes of raising awareness to the current state of OS malware detection.

In the second quarter of 2015 Kaspersky Lab solutions detected and repelled a total of 379,972,834 malicious attacks from online resources. There were 5,903,377 registered notifications about attempte...

Innovative technologies are conquering the financial market, opening up new opportunities for startups. The volume of investment in projects for the banking sector is constantly growing, as is its pot...